mac address in data vlan - drop

Bilik.AA at lsrgroup.ru Bilik.AA at lsrgroup.ru
Wed Nov 19 08:54:57 CET 2014


Hello everybody!
I faced such issue. When I connect CiscoPhone and a computer through it to my cisco switch port, authentication goes well (voice vlan for phone and data vlan for computer), but when I plug a computer off from Cisco Phone and plug in again, authentication is ok too but on port I see that:

   1    a000xxxxxxxxxxxx    DYNAMIC     Drop
100    001exxxxxxxxxxxx    STATIC      Fa0/35

So computer can’t get access to local network.

Port settings are following:

---------------------------------------------------------
switchport mode access
switchport nonegotiate
switchport voice vlan 100
no logging event link-status
authentication host-mode multi-domain
authentication port-control auto
authentication violation replace
mab
storm-control broadcast level pps 100
spanning-tree portfast
spanning-tree bpduguard enable
---------------------------------------------------------

How it can be fixed?

(I work with freeradius-server-2.2.5 now)

Thanks in advance,
Alex Bilik

С уважением,

Александр Билик
Инженер по информационной безопасности
Группа управления коммуникациями
Группа ЛСР

E-mail: Bilik.AA at lsrgroup.ru<mailto:Bilik.AA at lsrgroup.ru>
www.lsrgroup.ru

[cid:image003.png at 01D003E7.42ED21B0]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20141119/c530eecf/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 1259 bytes
Desc: image003.png
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20141119/c530eecf/attachment-0001.png>


More information about the Freeradius-Users mailing list